Module 3 Internal Control Systems Flashcards
What is the purpose of a system of internal control?
To provide directors with reasonable assurance over:
The reliability of financial reporting
The effectiveness and efficiency of operations
Compliance with applicable laws and regulations
What are the five components of internal control?
CRIME
Control Environment - Management view/attitude
Risk assessment process - How is risk assessed?
Information Systems - Ensuring data is complete and accurate
Control activities - the procedures and policies of implementing internal control
Monitoring of controls - How the control activities are monitored
What are accounting information systems?
Structures used by organisations to collect, store and process financial and accounting data
What are the 5 categories of control activities?
APIPS
Authorisation control - Transactions are authorised by personnel acting within the scope of their authority
Performance Review - Reviewing information to highlight any exceptions or controls that have not operated effectively
Information processing controls - IT General Controls and Application controls (Transactional level) (IT Application Controls/ Manual Application controls)
Physical controls - Limit access to assets and important records
Segregation of duties - To mitigate the risk that individuals are put in a position that they would be able to carry out a fraud or error and then conceal it
What are the six commonly used IT application controls?
Audit Log - Keeping a log of activities that can be reviewed
Batch controls - A manual count is made before entering into the system and the numbers are compared at the end to make sure it is correct
Programmed Editing - Computer is programmed to anticipate entries fields
Calculation - Automatic calculations
Check digits - An alphanumeric digit added to a number for detecting the sorts of errors humans typically make.
Exception reports - A report that identifies any transactions that are outside the normal expected range
What are the limitations of internal control systems?
RC CHUM
Relevancy/Obsolescence - Control activities can become irrelevant over time as technologies and business needs change
Cost - When the cost is greater than the benefit
Collusion - Two or more employees working together to circumvent control activities
Human error - the risk of mistakes
Unusual/infrequent transactions - Unusual/Infrequent transactions are inherently risky.
Management override - The risk of management overriding controls
What are the four areas commonly covered by ITGC?
Access to programs and data
Program changes and development
Computer operations
Continuity of operations
Program changes and development: what needs to be considered?
Authorisation
Development
Testing
Approval
What are the stages of the system development life cycle?
Business analysis
Feasibility study
Systems analysis
Design
Development
Testing
Implementation
Maintenance
Post implementation review
Enhancements/Wish list